Security Through Boredom

Menu

Post navigation

AppArmor Profile For Pulseaudio

Pulseaudio is an application used on many Linux systems to handle audio. It isn’t PIE, so it’s not a bad idea to restrict it. I believe Fedora uses an SELinux profile for Pulseaudio, but as an Ubuntu user I’m left having to make an AppArmor profile for it. If you’ve been reading my blog you’ll know that AppArmor is a Mandatory Access Control system used by default by Ubuntu, among other Linux distributions. Restricting programs with AppArmor limits potential damage of vulnerabilities in those programs.

This profile works on my 64bit Ubuntu system. I’ll keep it updated here in case something changes, but I’m watching video via Chrome just fine. It’s obviously not a very strong AppArmor profile as Pulseaudio starts off running with very high rights/ capabilities, but we can at least somewhat limit file access. I’m going to try to limit lib access further, but for now this is something.

I’ll update this as needed, but as it is things should work smoothly. Follow me @insanitybit for consistent updates.